itlawwikiaorg-20200214-history
Cyberterrorism
Definition Various definitions exist for the term cyberterrorism (also spelled cyber-terrorism), just as various definitions exist for the term “terrorism.”Under 22 U.S.C. §2656, “terrorism” is defined as premeditated, politically motivated violence perpetrated against noncombatant targets by sub national groups or clandestine agents, usually intended to influence an audience. The United States has employed this definition of terrorism for statistical and analytical purposes since 1983. U.S. Department of State, 2002, Patterns of Global Terrorism, 2003.http://www.state.gov/s/ct/rls/pgtrpt/2001/html/10220.htm. Security expert Dorothy Denning defines cyberterrorism as “politically motivated hacking operations intended to cause grave harm such as loss of life or severe economic damage.”Dorothy Denning, "Activism, Hactivism, and Cyberterrorism: The Internet as a Tool for Influencing Foreign Policy," in Networks and Netwars 241 (Rand 2001, John Arquilla & David Ronfeldt eds.); Dorothy Denning, "Is Cyber War Next?," Social Science Research Council (Nov. 2001)http://www.ssrc.org/sept11/essays/denning.htm. The Office of the Comptroller of the Currency defines it as “the use of computing resources against persons or property to intimidate or coerce a government, the civilian population, or any segment thereof, in furtherance of political or social objectives.”Office of the Comptroller of the Currency, Infrastructure Threats from Cyber-Terrorists 2 (Mar. 19, 1999). The Federal Emergency Management Agency (FEMA) defines cyberterrorism as “unlawful attacks and threats of attack against computers, networks, and the information stored therein when done to intimidate or coerce a government or its people in furtherance of political or social objectives.”FEMA Toolkit. Others indicate that a physical attack that destroys computerized nodes for critical infrastructures, such as the Internet, telecommunications, or the electric power grid, without ever touching a keyboard, can also contribute to, or be labeled as cyberterrorism.Dan Verton, “A Definition of Cyber-terrorism”, Computerworld, Aug. 11, 2003 http://www.computerworld.com/securitytopics/security/story/0,10801,83843,00.html. At least two views exist for defining the term cyberterrorism: * Effects-based: Cyberterrorism exists when computer attacks result in effects that are disruptive enough to generate fear comparable to a traditional act of terrorism, even if done by criminals. * Intent-based: Cyberterrorism exists when unlawful or politically motivated computer attacks are done to intimidate or coerce a government or people to further a political objective, or to cause grave harm or severe economic damage. United States Threats to the U.S. cyber and telecommunications infrastructure are constantly increasingPeter Eisler, Reported Raids on Federal Computer Data Soar, USA Today (Feb. 17, 2009).http://www.usatoday.com/news/washington/2009-02-16-cyber-attacks_N.htm?csp=34 Based on data reportedly provided to USA Today, the U.S. Computer Emergency Readiness Team (US-CERT), a Department of Homeland Security entity, found that known cyberattacks on U.S. government networks rose 40% in 2008 compared to 2007. While this survey focused on U.S. government computer systems, telecommunications networks are maintained by private industry, and any degradation to these services or components would necessarily have negative implications for both public and private cyber activities. and evolving as are the entities that show interest in using a cyber-based capability to harm the nation’s security interests.See John Rollins & Clay Wilson, Terrorist Capabilities for Cyberattack: Overview and Policy Issues (CRS Report RL33123). Concerns have been raised since the 1990s regarding the use of the internet and telecommunications components to cause harm to the nation’s security interests. Activities producing undesirable results include unauthorized intrusion to gain access and view protected data, stealing or manipulating information contained in various databases, and attacks on telecommunications devices to corrupt data or cause infrastructure components to operate in an irregular manner. Of paramount concern to the national and homeland security communities is the threat of a cyber-related attack against the nation’s critical government infrastructures — “systems and assets, physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health and safety, or any combination of those matters.”42 U.S.C. §5195c(e). See also John D. Moteff, Critical Infrastructures: Background, Policy, and Implementation (CRS Report RL30153). Early concerns noted attacks on components of the energy grid, infrastructure control systems, and military equipment as examples of telecommunications based threats to physical infrastructures.Of note, many of the cyber-related incidences that were found to have negatively affected control systems connected to physical infrastructure components were resolved as being the work of current or former employees who had access to and knowledge of the architecture of the affected network. In response, the Department of Energy conducted an experiment in 2007 in which the control system of an unconnected generator, containing similar components as that of larger generators connected to many power grids in the nation supplying electricity, was damaged and became inoperable.Jeanne Meserve, Staged Cyber Attack Reveals Vulnerability in Power Grid, CNN online (Sept. 26, 2007).http://www.cnn.com/2007/US/09/26/power.at.risk/index.html#cnnSTCVideo A video of the experiment, named Project Aurora, and the resulting damage to the generator is available on the CNN website. While data from federal agencies demonstrate that the majority of attempted and successful cyberattacks to date have targeted virtual information resources rather than physical infrastructures,See Center for Strategic and International Studies, Securing Cyberspace for the 44th Presidency: A Report of the CSIS Commission on Cybersecurity for the 44th Presidency 12 (2008) (“we expected damage from cyber attacks to be physical (opened floodgates, crashing airplanes) when it was actually informational”). many security experts are concerned that the natural progression of those wishing to harm U.S. security interests will transition from stealing or manipulating data to undertaking action that temporarily or permanently disables or destroys the telecommunication network or affects infrastructure components. Many security observers agree that the United States currently faces a multi-faceted, technologically based vulnerability in that “our information systems are being exploited on an unprecedented scale by state and non-state actors in a dangerous combination of known and unknown vulnerabilities, strong adversary capabilities, and weak situational awareness.”House Permanent Select Committee on Intelligence, Cyber Security: Hearing on the Nation’s Cyber Security Risks, 110th Cong. (Sept. 18, 2008) (statement of Paul Kurtz, Former Senior Director, Critical Infrastructure Protection, White House Homeland Security Council). This, coupled with security observers’ contention that the United States lacks the capability to definitively ascertain perpetrators who might unlawfully access a database or cause harm to a network, leaves the nation increasingly at risk. It also causes acts or discussions related to deterring cyberattacks to be ignored or negated by entities exploiting known or newly found vulnerabilities. Prominent national security experts have emphasized the vulnerability of U.S. infrastructures. As recently as January 2009, former Director of National Intelligence (DNI) Mike McConnell equated “cyber weapons” with weapons of mass destruction when he expressed concern about terrorists’ use of technology to degrade the nation’s infrastructure. In distinguishing between individuals gaining access to U.S. national security systems or corporate data for purposes of exploitation for purposes of competitive advantage, former Director McConnell noted that terrorists aim to damage infrastructure and that the “time is not too far off when the level of sophistication reaches a point that there could be strategic damage to the United States.” The Charlie Rose Show, “Interview of Mr. Mike McConnell, Director of National Intelligence,” PBS (Jan. 8, 2009. Current State of Cyberterrorism There is reasonable evidence available that terrorist organizations use cyberspace to conduct the business of terrorism. Terrorists use the Internet and the World Wide Web to communicate with each other, recruit members, gather intelligence, raise money legally and illegally, organize and coordinate activities, obtain illegal passports and visas, and distribute propaganda. For instance: * Some Afghan-based terrorists, such as Osama bin-Laden, reportedly have computers, communications equipment, and large data storage disks for their operations."Afghanistan, Saudi Arabia: Editor’s Journey to Meet Bin-Laden Described,” London al-Quds al-‘Arabi, FBIS-TOT-97-003-L (Nov. 27, 1996) at 4. * Hamas, a Middle Eastern terrorist organization, reportedly uses Internet chat rooms and e-mail to plan and coordinate operations in Gaza, the West Bank, and Lebanon."Israel: U.S. Hamas Activists Use Internet to Send Attack Threats,” Tel Aviv IDF Radio, FBIS-TOT-97-001-L (Oct. 13, 1996). * Hizballah, another Middle Eastern group, manages several Internet Websites for propaganda purposes (http://www.hizbollah.org), to describe attacks against Israel (http://www.moqawama.org), and one for news and information.http://www.almanar.com.lb * Government computers reportedly were crashed by terrorist groups during elections in Indonesia, Sri Lanka, and Mexico. * Irish Republican Army (IRA) supporters reportedly leaked sensitive details on British army bases in Northern Ireland on the Internet. Sinn Fein also maintains a web site.http://sinnfein.ie Labeling a computer attack as “cyberterrorism” is problematic because of the difficulty determining the identity, intent, or the political motivations of an attacker with certainty. Under 22 U.S.C. §2656, “terrorism” is defined as premeditated, politically motivated violence perpetrated against noncombatant targets by sub-national groups or clandestine agents, usually intended to influence an audience. Criticism Some observers feel that the term “cyberterrorism” is inappropriate, because a widespread cyberattack may simply produce annoyances, not terror, as would a bomb, or other chemical, biological, radiological, or nuclear explosive (CBRN) weapon. However, others believe that the effects of a widespread computer network attack would be unpredictable and might cause enough economic disruption, fear, and civilian deaths, to qualify as terrorism. References Category:Security Category:Computer crime